Dovecot 2.3.4, FreeBSD 11.2 Due to comcast buisness ISP intercepting imaps I need to have my clients connect to non-standard port (9999). Previously I had been using stunnel to receive the imaps connection and forward it to the imap port over 127.0.0.1. But I would like to retire stunnel and have my imap clients connect remotely. I have configured the imap-login service - service imap-login { inet_listener imap { address = 127.0.0.1, ::1 port = 143 } inet_listener imaps { port = 9999 } process_min_avail = 3 service_count = 0 vsz_limit = 1 G } But I am not seeing any listeners on port 9999 - root at ns(1001)# netstat -an | grep 9999 Using sockstat on FreeBSD: root at ns(1002)# sockstat | grep dovecot | grep tcp root dovecot 34800 15 tcp4 *:4190 *:* root dovecot 34800 37 tcp4 127.0.0.1:143 *:* root dovecot 34800 38 tcp6 ::1:143 *:* I have mail_debug = yes, but I don't see any failures. What is the best way to debug why I am not seeing this port number? Thanks, Patrick -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190121/5082d39d/attachment.html>
On 21 Jan 2019, at 20:17, Patrick Mahan <plmahan at gmail.com> wrote:> Due to comcast buisness ISP intercepting imapsAt you sure about that? I've been using comcast business for 7 years and the do not block 143, 993 587 or 25. they do block 110, but that's fine, I stopped supporting POP around 2001. Other than 110, they block DHCP, NETBIOS, SNMP, and ports 445, 520, and 1080. They will block port 25 on a individual basis, but I've no idea what their criteria is for that.> I need to have my clients connect to non-standard port (9999). Previously I had been using stunnel to receive the imaps connection and forward it to the imap port over 127.0.0.1. But I would like to retire stunnel and have my imap clients connect remotely.An stunnel or a reverse proxy is the best way to do this, honestly. As for why your config isn't working, my only guess is maybe you need to specify ssl? inet_listener imaps { port = 999 ssl = yes } ? -- If you write the word "monkey" a million times, do you start to think you're Shakespeare? -- Steven Wright
Yes, I am pretty sure about that. I originally was connected via AT&T DSL but wanted the fast access of cable modem. I need permanent IPs which required me to contract with Comcast buisness. Once I switched over, I was no longer able to access my imap server, which was as I mentioned, stunnel listening on the imaps port and forwarding to dovecot listening on the imap port. I was getting connection refused on my laptop (thunderbird) email client when I was not at home. I validated that it was not because it was reaching my email server. So who ever was rejecting it, I assumed it was somewhere inside the comcast network. Once I switch to a non-standard port, I was able to connect again. Re needing to say ssl = yes, I thought that was implied for imaps? I can go back to stunnel, just thought it was an unnecessary layer. Thanks, Patrick On Mon, Jan 21, 2019 at 8:46 PM @lbutlr <kremels at kreme.com> wrote:> On 21 Jan 2019, at 20:17, Patrick Mahan <plmahan at gmail.com> wrote: > > Due to comcast buisness ISP intercepting imaps > > At you sure about that? I've been using comcast business for 7 years and > the do not block 143, 993 587 or 25. they do block 110, but that's fine, I > stopped supporting POP around 2001. > > Other than 110, they block DHCP, NETBIOS, SNMP, and ports 445, 520, and > 1080. They will block port 25 on a individual basis, but I've no idea what > their criteria is for that. > > > I need to have my clients connect to non-standard port (9999). > Previously I had been using stunnel to receive the imaps connection and > forward it to the imap port over 127.0.0.1. But I would like to retire > stunnel and have my imap clients connect remotely. > > An stunnel or a reverse proxy is the best way to do this, honestly. > > As for why your config isn't working, my only guess is maybe you need to > specify ssl? > > inet_listener imaps { > port = 999 > ssl = yes > } > > ? > > > -- > If you write the word "monkey" a million times, do you start to think > you're > Shakespeare? -- Steven Wright > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190121/2e435f7d/attachment.html>
On Tue, 22 Jan 2019 at 06:17, Patrick Mahan <plmahan at gmail.com> wrote:> Dovecot 2.3.4, FreeBSD 11.2 > > Due to comcast buisness ISP intercepting imaps I need to have my clients > connect to non-standard port (9999). Previously I had been using stunnel > to receive the imaps connection and forward it to the imap port over > 127.0.0.1. But I would like to retire stunnel and have my imap clients > connect remotely. > > I have configured the imap-login service - > > service imap-login { > inet_listener imap { > address = 127.0.0.1, ::1 > port = 143 > } > inet_listener imaps { > port = 9999 > } > process_min_avail = 3 > service_count = 0 > vsz_limit = 1 G > } > > But I am not seeing any listeners on port 9999 - > > root at ns(1001)# netstat -an | grep 9999 > > Using sockstat on FreeBSD: > > root at ns(1002)# sockstat | grep dovecot | grep tcp > root dovecot 34800 15 tcp4 *:4190 > *:* > root dovecot 34800 37 tcp4 127.0.0.1:143 > *:* > root dovecot 34800 38 tcp6 ::1:143 > *:* > > I have mail_debug = yes, but I don't see any failures. What is the best > way to debug why I am not seeing this port number? > > Thanks, > > Patrick > >I would leave dovecot config untouched and use a firewall (PF) to translate port 9999 to whatever dovecot listens to. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-) -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190122/e1c3b1af/attachment.html>